1. Introduction
Sort My Legacy ("we," "us," "our") operates sortmylegacy.com. We are committed to protecting your personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable Indian laws. This Privacy Policy describes our practices regarding the collection, use, storage, and disclosure of your information.
2. Data Controller
Sort My Legacy is the data controller for personal data processed through the Service. For privacy-related inquiries, contact: privacy@sortmylegacy.com
3. Personal Data We Collect
Account and profile:
- Email address, name, mobile number
- Date of birth, gender (optional)
- Address and identification details (e.g., PAN, Aadhaar) if you choose to provide them
Usage data:
- Quiz answers, inventory entries, will drafts, document metadata
- Family member details you add
- Log data (IP address, browser type, pages visited)
Payment data:
- Processed by Razorpay; we do not store full card numbers
- Billing address, transaction identifiers
Password vault: Passwords are encrypted client-side. We never receive or store your master password or decrypted passwords. Zero-knowledge architecture.
4. Purpose and Use
We use your data to:
- Provide and improve the Service
- Authenticate your account and enforce security
- Process payments and manage subscriptions
- Send transactional emails (e.g., password reset, plan updates)
- Send optional marketing with your consent
- Comply with legal obligations
- Analyze usage to improve the product (aggregated, anonymized)
5. Legal Basis
We process your data based on: (a) your consent where required, (b) performance of our contract with you, (c) our legitimate interests (e.g., security, fraud prevention), and (d) legal obligations.
6. Data Sharing
We may share data with:
- Service providers: Supabase (database, auth, storage), Razorpay (payments), email/SMS providers
- Legal authorities: When required by law or to protect rights and safety
- Family/executors: Only as you configure (e.g., post-death access upon verification)
We do not sell your personal data.
7. Data Storage and Retention
Data is stored on servers in India where possible. We retain your data for as long as your account is active and as needed to provide the Service. After account deletion, we retain data as required by law (e.g., tax records) and delete or anonymize within our retention schedule (typically 30 to 90 days post-deletion, except where law requires longer).
8. Your Rights
Under DPDPA and our practices, you have the right to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Erasure: Request deletion of your data (subject to legal retention)
- Portability: Request your data in a portable format
- Withdraw consent: Where processing is consent-based
- Grievance: Lodge a complaint with the Data Protection Board of India
To exercise these rights, contact: privacy@sortmylegacy.com
9. Security
We implement technical and organizational measures including encryption (in transit and at rest), access controls, and secure authentication. The password vault uses client-side encryption; we cannot access your stored passwords. You are responsible for safeguarding your account credentials and master password.
10. Cookies and Tracking
We use essential cookies for authentication and session management. We may use analytics cookies to understand usage (anonymized). You can manage cookie preferences in your browser. We do not use third-party advertising cookies.
11. Children
The Service is not intended for users under 18. We do not knowingly collect data from minors.
12. Changes
We may update this Privacy Policy. We will notify you of material changes via email or a notice on the Site. Continued use after changes constitutes acceptance.
13. Contact
For privacy questions or to exercise your rights: privacy@sortmylegacy.com